CVE-2025-9231
OpenSSL vulnerability analysis and mitigation

Overview

CVE-2025-9231 is a timing side-channel vulnerability discovered in the SM2 algorithm implementation on 64-bit ARM platforms. The vulnerability was reported on August 18, 2025, by Stanislav Fort from Aisle Research. It affects OpenSSL versions 3.2 through 3.5, while versions 3.1, 3.0, 1.1.1, and 1.0.2 are not vulnerable (OpenSSL Advisory). The vulnerability has been assigned a CVSS score of 6.5 (Medium) (Ubuntu CVE).

Technical details

The vulnerability exists in the SM2 algorithm implementation specifically on 64-bit ARM platforms. Timing measurements revealed a timing signal that could potentially allow remote recovery of the private key through timing side-channel analysis. While OpenSSL does not directly support certificates with SM2 keys in TLS, the vulnerability becomes relevant when such support is added via a custom provider (OpenSSL Advisory). The issue has been fixed by implementing constant-time modular inversion, as evidenced by the code changes in the OpenSSL repository (OpenSSL Commit).
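To illustrate why a constant-time inversion removes this kind of signal, the following added example (not OpenSSL's code and not taken from the advisory or commit) contrasts a generic variable-time inversion, extended Euclid, with a fixed-sequence Fermat inversion. The toy prime 2^61 - 1, the function names and the inputs are assumptions chosen for illustration; the routine OpenSSL replaced is not shown on this page.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy field prime 2^61 - 1, chosen for this example; NOT the SM2 prime. */
#define P 2305843009213693951ULL

/* Multiply mod P with branch-free Mersenne reduction (2^61 == 1 mod P). */
static uint64_t mulmod(uint64_t a, uint64_t b) {
    __uint128_t t = (__uint128_t)a * b;
    uint64_t s = ((uint64_t)t & P) + (uint64_t)(t >> 61);
    s = (s & P) + (s >> 61);                 /* now 0 <= s <= P */
    uint64_t mask = ((s - P) >> 63) - 1;     /* all ones only when s >= P */
    return s - (P & mask);
}

/* Variable time: extended Euclid. The loop count depends on the value of a,
 * so the run time carries information about a secret operand. */
static uint64_t inv_euclid(uint64_t a, unsigned *steps) {
    int64_t t = 0, nt = 1;
    uint64_t r = P, nr = a;
    for (*steps = 0; nr != 0; (*steps)++) {
        uint64_t q = r / nr, rr = r - q * nr;
        int64_t tt = t - (int64_t)q * nt;
        t = nt; nt = tt; r = nr; nr = rr;
    }
    return (uint64_t)(t < 0 ? t + (int64_t)P : t);
}

/* Fixed sequence: Fermat inversion a^(P-2) mod P. The exponent is public,
 * so branching on its bits is safe; nothing depends on the value of a. */
static uint64_t inv_fermat(uint64_t a, unsigned *mults) {
    uint64_t result = 1, base = a, e = P - 2;
    *mults = 0;
    for (int i = 0; i < 61; i++) {
        if ((e >> i) & 1) { result = mulmod(result, base); (*mults)++; }
        base = mulmod(base, base); (*mults)++;
    }
    return result;
}

int main(void) {
    uint64_t in[] = {1, 2, 0x0123456789ABCDEFULL};   /* constructed inputs */
    for (int i = 0; i < 3; i++) {
        unsigned s, m;
        uint64_t x = inv_euclid(in[i], &s), y = inv_fermat(in[i], &m);
        printf("a=%llu euclid_steps=%u fermat_mults=%u agree=%d\n",
               (unsigned long long)in[i], s, m, x == y);
    }
    return 0;
}
```

The Euclid step count changes with the input while the Fermat multiplication count stays the same for every input, which is the property a constant-time inversion relies on.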

Impact

The vulnerability could allow an attacker to recover the private key through timing measurements. While remote key recovery over a network was not demonstrated by the reporter, the presence of a timing signal suggests such an attack might be possible. The impact is particularly relevant in contexts where custom providers are used to add support for SM2 certificates (OpenSSL Advisory).

Mitigation and workarounds

Users of affected versions should upgrade to the following patched versions: OpenSSL 3.5.4, OpenSSL 3.4.3, OpenSSL 3.3.5, or OpenSSL 3.2.6, depending on their current version. The FIPS modules in versions 3.5, 3.4, 3.3, 3.2, 3.1, and 3.0 are not affected by this issue as SM2 is not an approved algorithm (OpenSSL Advisory).

Source: This report was generated using AI

Related OpenSSL vulnerabilities:

| CVE ID | Severity | Score | Technologies | Component name | CISA KEV exploit | Has fix | Published date |
|---|---|---|---|---|---|---|---|
| CVE-2023-53159 | CRITICAL | 9.1 | Rust | openssl | No | Yes | Jul 28, 2025 |
| CVE-2025-9230 | HIGH | 7.5 | OpenSSL | cpe:2.3:a:openssl:openssl | No | Yes | Sep 30, 2025 |
| CVE-2025-9231 | MEDIUM | 6.5 | OpenSSL | openssl | No | Yes | Sep 30, 2025 |
| CVE-2025-9232 | MEDIUM | 5.9 | OpenSSL | openssl | No | Yes | Sep 30, 2025 |
| CVE-2025-27587 | MEDIUM | 5.3 | OpenSSL | libopenssl3 | No | Yes | Jun 16, 2025 |
